From: Arne Fitzenreiter
Date: Wed, 4 Nov 2009 17:48:38 +0000 (+0100)
Subject: Set vm.mmap_min_addr to 4096 to block a security problem.
X-Git-Tag: v2.9-beta1~633
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dc931fbac742edd2963118cb1e3203baa0e4d56c;p=people%2Fstevee%2Fipfire-2.x.git
Set vm.mmap_min_addr to 4096 to block a security problem.
---
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index f88ec5f7a3..8855e3206e 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -23,3 +23,4 @@ net.ipv4.conf.all.log_martians = 1
 kernel.printk = 1 4 1 7
 vm.swappiness=0
+vm.mmap_min_addr = 4096
diff --git a/config/rootfiles/core/33/update.sh b/config/rootfiles/core/33/update.sh
index 08c886d416..582e30837e 100644
--- a/config/rootfiles/core/33/update.sh
+++ b/config/rootfiles/core/33/update.sh
@@ -25,12 +25,16 @@
 /usr/local/bin/backupctrl exclude >/dev/null 2>&1
 #
 #Stop services
-
+#
+#Set vm.mmap_min_addr to block a kernel security hole
+grep -v "vm.mmap_min_addr" /etc/sysctl.conf > /var/tmp/sysctl.conf.tmp
+echo "vm.mmap_min_addr = 4096" >> /var/tmp/sysctl.conf.tmp
+mv /var/tmp/sysctl.conf.tmp /etc/sysctl.conf
+sysctl -w vm.mmap_min_addr="4096"
 #
 extract_files
 #
 #Start services
-
 #
 #Update Language cache
 perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
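Review bot: In config/etc/sysctl.conf the new `vm.mmap_min_addr = 4096` reserves only the first page, so a kernel NULL-pointer dereference that reaches a field at an offset of 4096 or more would still land at an address a process is allowed to map. The kernel's sysctl documentation suggests a value around 64k as one the vast majority of applications tolerate; consider `vm.mmap_min_addr = 65536` if nothing on the appliance needs low mappings. A one-line comment above the setting, for example `# keep userspace from mapping low addresses (NULL-dereference hardening)`, would record why it is there.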
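Review bot: The rewrite of /etc/sysctl.conf in config/rootfiles/core/33/update.sh goes through the fixed name `/var/tmp/sysctl.conf.tmp` in a world-writable directory while the script presumably runs as root; a file or symlink already present at that path is written through, and `mv` then installs that file, with whatever owner and mode it has, as the new /etc/sysctl.conf. The three steps are also unchained, so if `grep` cannot read the file the `mv` still replaces it with a one-line config. Editing in place keeps the temporary file next to the target and stops on failure: `sed -i '/vm\.mmap_min_addr/d' /etc/sysctl.conf && echo "vm.mmap_min_addr = 4096" >> /etc/sysctl.conf` (GNU sed). The exit status of `sysctl -w` is not checked either, so a kernel that rejects the key would go unnoticed during the update.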